Our online privacy stories helped spark the idea for a Help Desk, where we can collect and answer questions from Washington Post readers about the technology in their lives.

This week, we’re looking at tracking, data collection and privacy, with readers wondering just how much companies know about their online — and offline — activities. Is anything really private while our phones, smart speakers and voice assistants are around? And is all the anxiety about online privacy really necessary?

We also want to hear your questions about ad targeting, digital privacy and corporate surveillance. Send them to us at yourhelpdesk@washpost.com. Until then, here are some answers to your most pressing privacy concerns.

Is my phone listening to me? Is my phone listening in on my conversations and recommending me ads based on what it hears? I was having a conversation with my sister about buying clothes and she recommended Etsy then moments after that conversation ended I was browsing Reddit and saw an Etsy ad out of the blue. Then I browsed Facebook and saw another Etsy ad. Is it pure coincidence?

— CJ, New Haven, Conn.

This is one of the most frequent tech questions I hear from friends and family. Some news sites have claimed that companies use our phones to listen to our conversations and figure out what we might want to buy next. Other outlets have reported that isn’t true, and Facebook CEO Mark Zuckerberg has denied it under oath. What’s going on here?

“It’s an old wives’ tale,” said Eric Seufert, who founded the marketing consultancy Heracles Media and runs a popular blog for app developers. “It’s this kind of mythical, horrific, but ultimately untrue, fear.”

The short answer is: No, your phone isn’t listening. But why is this rumor so hard to shake?

Like you described, sometimes a company’s ability to show us an ad for something we were just thinking or talking about is totally uncanny. How does Instagram know when I am in precisely the head space to spend $50 on roller skates despite living on top of a giant hill?

As we’ve reported, Instagram and its owner, Facebook, don’t need to listen to my conversations to figure out that I’ve got a drawer dedicated to ill-advised hobby equipment. Neither do other giant ad companies like Google and Amazon. They already have my search history, in-app interactions, past purchases, online profiles and favorite websites, and they share that information with advertisers for a price.

Let’s imagine that you get together with your sister and mention that you’ve always wanted to go to Disney World. The next day, you hop onto Facebook and suddenly see ads for the theme park.

To a creeped-out customer, the connection seems clear: Conversation about Disney World —> ad for Disney World. But this coincidence might have nothing to do with the words you said out loud, Seufert explained.

Maybe after mentioning Disney World, you absent-mindedly flipped open an airline app and checked how much it would cost to fly to Orlando this summer, he said. Now, the online ad machine knows you’re considering Orlando — who better to hit with an ad for Disney World? Or maybe you’d been getting the ads all along and only noticed them after the discussion.

But the best argument against audio targeting is this, according to Seufert: If we truly believe companies are using our phones to listen to every single thing we say, wouldn’t it be time to panic? The only reasonable response to an invasion of privacy at that scale would be tossing our phones into the ocean, he said.

In that sense, the audio-targeting debate is a good excuse to ask yourself where you’d draw the line in terms of companies and governments peeking into your life. How much surveillance is too much, and who should get to decide?

Why should I care about online privacy, anyway? So I’ve seen your articles on how tech takes advantage of you and agree that it’s a huge violation (not to add creepy). I’d love it if you elaborated on why targeted ads are so bad, and what could possibly happen with the data collected on us in the future?

— Cleo, Halifax, Nova Scotia

Thank you for this honest question. Tech journalists can write stories all day about the different ways companies use personal data to learn about you and advertise to you, but that doesn’t automatically make targeted advertising and data collection bad.

Smart people at companies including Google and Facebook make strong arguments for targeted advertising. It helps businesses reach new audiences. It makes the ads you inevitably see better match your interests — spending money on new stuff is necessary sometimes. And it powers personalized experiences online. Thanks to data collection, TikTok learned to show me videos of (my favorite thing) angry cats listening to (my other favorite thing) Broadway classics.

There are plenty of brands that rely on targeted advertising and data collection for their revenue, including YouTube, Reddit and even The Washington Post.

There’s also a growing number of privacy advocates who don’t like that people aren’t given much choice about what they share with companies and when. Targeted ads may compel us to spend more money and expose us to more false information. And as more of our lives move into virtual spaces and technology becomes more embedded, these debates get more urgent. What will data collection look like in the metaverse or in technology that connects directly with our brains?

Casey Oppenheim, co-founder and CEO of Disconnect, an app that blocks “trackers” that scoop up your data on different apps and websites, said companies don’t just collect fragmented pieces of your data — a name here and a phone number there. They build profiles of you and make inferences about you based on the data they see, and they sell or share those profiles with advertisers, politicians and even law enforcement.

It’s weird that people don’t get the option to say “no” to all this data sharing, he said. Plus, as the line between our real and online lives gets blurrier, so does the term “personal data.” Is a company that tracks everything I do on my browser monitoring my personal data, or is it monitoring me?

How much you care about privacy depends on how all this makes you feel. If you like personalized online experiences and guarding information about yourself isn’t a priority, you’re definitely not alone. If you’d feel better with more rules around what information companies and governments can collect about you and when, that’s a good reason to dedicate some brain space to online privacy.

For a quick and easy online privacy crash course, check out this guide to settings you can change today.


Oppenheim’s top privacy tips:

  • Use a browser with tracking protection and install a tracking protection app (like Disconnect, Lockdown or DuckDuckGo) on your mobile devices.
  • Use private browsing mode whenever possible so that tracking cookies are deleted after your browsing session. (On Chrome for desktop, right-click the Chrome icon you’d normally use to launch the browser and choose “New Incognito window.” Other browsers have similar functions.)
  • Review app permissions periodically (On an iPhone, that’s at Settings —> Privacy). Pay special attention to location, tracking, camera, microphone and contacts permission. Also glance at background refresh permissions (Settings —> General —> Background App Refresh) and flip off any apps you don’t want sending data while not in use. Last, delete apps you don’t need.
  • When you fill out forms online, use a fake name and burner email address unless you’re signing up for a service that genuinely needs your information. Here’s an easy fake email address generator.
  • Use cash for sensitive purchases, like medicine at the pharmacy, and don’t sign up for drugstore loyalty programs, which can track and share your purchase history.

Trapped in password purgatory: I am tempted to use a password wallet, but I’m afraid it, too, can be hacked. I have so many passwords that need to be changed. I can’t cope! Is there a safe solution?

— Peggy, North Canton, Ohio

I feel your pain, Peggy. Choosing a password manager, which is an app that stores and automatically fills in your passwords for you, is only half the battle. The other half is tracking down all your passwords, typing them into the manager tool and changing any that are too simple or that you’ve used too often.

Despite the hurdles, I found that my password manager is well worth the hours of weekend time it took me to set up. (I use Dashlane, and we’ve also recommended LastPass and 1Password.) Here’s what I learned: If you’ve ever allowed Apple or Google to save your passwords, use those lists to start getting your most important passwords into the manager tool. You can find a list of any passwords Google has saved at passwords.google.com. On an Apple device, go to the Settings app and scroll down to Passwords. Here, you can also tap Security Recommendations and Apple will show you which of your passwords have appeared in data leaks. Change those as soon as possible. You can use your password manager’s automated generator to come up with long, complex passwords that aren’t easy to guess. Then just copy and paste into the app or website and hit “save” each time the password manager asks if you’d like to remember that username and password.

Once your most important accounts — the ones with health or financial information — are locked down, start changing the passwords on your other accounts. Settle in with some music and your phone nearby in case you get log-in codes over text and get in a password-changing groove.

As for the password to the manager app itself, choose something long, with numbers and symbols, that you haven’t used anywhere else. If you need to, write it down somewhere no one else will access. And change it every few months. That should provide some peace of mind.

I have every confidence you can do it, and let me know how it goes!